To configure device access and user authentication, use the following statements at the [edit access] hierarchy level. Statements exclusively for J-series and SRX-series devices running JUNOS software are shown in bold font and are documented in this chapter.
Shared JUNOS statements in the access hierarchy are shown in normal font and are documented in the JUNOS System Basics Configuration Guide.
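# Statement hierarchy at the [edit access] level, with nesting restored from
# the brace structure. In this syntax listing, <...> marks optional arguments
# and ( a | b ) marks alternatives.
access {
    firewall-authentication {
        pass-through {
            default-profile profile-name;
            # FTP, HTTP and Telnet are cleartext protocols: the username and
            # password a user types at the pass-through prompt are readable on
            # the network path between the client and the device.
            (ftp | http | telnet) {
                banner {
                    fail string;
                    login string;
                    success string;
                }
            }
        }
        traceoptions {
            # world-readable lets any local user read the trace file. Traces
            # of authentication may record usernames and client addresses
            # (verify for your release), so prefer no-world-readable.
            file filename <files number> <match regular-expression>
                <size maximum-file-size> <world-readable | no-world-readable>
            flag flag;
        }
        web-authentication {
            banner {
                success string;
            }
            default-profile profile-name;
        }
    }

    ldap-options {
        assemble {
            common-name common-name;
        }
        base-distinguished-name base-distinguished-name;
        revert-interval seconds;
        search {
            # Bind credential the device uses to search the directory. Use a
            # dedicated account limited to read-only search, because the
            # password is kept in the device configuration.
            admin-search {
                distinguished-name distinguished-name;
                password password;
            }
            search-filter filter-name;
        }
    }

    # No TLS/LDAPS statement appears in this hierarchy. Unless the release in
    # use documents one, assume bind and user passwords cross this link
    # unprotected and secure the path to the LDAP server by other means.
    ldap-server server-address {
        port port-number;
        retry attempts;
        routing-instance routing-instance-name;
        source-address source-address;
        timeout seconds;
    }

    profile profile-name {
        accounting-order [ accounting-methods];
        authentication-order (ldap | password | radius | securid);

        # Locally defined client. The three credentials below are stored in
        # the configuration, so restrict who can view and export it.
        client client-name {
            chap-secret chap-secret;
            client-group [ group-names ];
            firewall-user {
                password password;
            }
            # PAP sends the password itself to the authenticator; CHAP does not.
            pap-password pap-password;
        }

        client-name-filter client-name {
            count number;
            domain-name domain-name;
            separator special-character;
        }

        # The ldap-* and radius-* stanzas below repeat the access-level
        # statements, scoped to this profile. The same credential and
        # transport considerations apply.
        ldap-options {
            assemble {
                common-name common-name;
            }
            base-distinguished-name base-distinguished-name;
            revert-interval seconds;
            search {
                admin-search {
                    distinguished-name distinguished-name;
                    password password;
                }
                search-filter filter-name;
            }
        }

        ldap-server server-address {
            port port-number;
            retry attempts;
            routing-instance routing-instance-name;
            source-address source-address;
            timeout seconds;
        }

        radius-options {
            revert-interval seconds;
        }

        radius-server server-address {
            port port-number;
            retry attempts;
            routing-instance routing-instance-name;
            # RADIUS shared secret: use a long random value, unique per server.
            secret password;
            source-address source-address;
            timeout seconds;
        }

        # Both timeouts are in minutes. They bound how long an authenticated
        # client entry stays valid, so set them explicitly rather than leaving
        # sessions open-ended.
        session-options {
            client-group [group-names];
            client-idle-timeout minutes;
            client-session-timeout minutes;
        }
    }

    radius-options {
        revert-interval seconds;
    }

    radius-server server-address {
        port port-number;
        retry attempts;
        routing-instance routing-instance-name;
        # RADIUS shared secret: use a long random value, unique per server.
        secret password;
        source-address source-address;
        timeout seconds;
    }

    securid-server {
        server-name configuration-file filepath;
    }
}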